Allow the system owner to specify the key owner #140

Open
wants to merge 1 commit into
base: master
samnissen
Contributor

Fixes #139

I tried to write a test for this, but cannot reliably change the file ownership.

```ruby
it 'raises an exception when the file is owned by others' do
  FileUtils.chmod 0o777, Dir.glob("#{the_test_path}/*")
  keystore.write('TEST')

  user = nil
  Etc.passwd { |u| break user = u unless Etc.getlogin == u.name }
  username = user.name
  groupname = Etc.getgrgid(user.gid.to_i).name

  FileUtils.chown username, groupname, Dir.glob("#{the_test_path}/*")
  FileUtils.chmod 0o600, Dir.glob("#{the_test_path}/*")
  assert_raises { keystore.read }
end
```

causes:

```
  1) Error:
SymmetricEncryption::Keystore::File::#write, #read#test_0003_raises an exception when the file is owned by others:
Errno::EPERM: Operation not permitted @ apply2files - tmp/keystore/file_test/tester.key.1574679581
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1329:in `chown'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1329:in `chown'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1046:in `block in chown'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1045:in `each'
    /Users/samuel.nissen/.rvm/rubies/ruby-2.6.3/lib/ruby/2.6.0/fileutils.rb:1045:in `chown'
    /Users/samuel.nissen/Development/symmetric-encryption/test/keystore/file_test.rb:106:in `block (3 levels) in <class:FileTest>'
```

@ablock

ablock commented Dec 25, 2021

The problem with this solution is that it still ties the ownership check to a single user account. In our environment we find that Rails is run by multiple different users depending on whether the app is being deployed, served, or run in the console. So I see two possible solutions:

  1. Allow the ownership check to be bypassed altogether
  2. Match the keyfile's group to one of the groups of the process ID's login

@reidmorrison
Owner

Yes, this specific check to ensure that the file is owned by the current user has caused difficulties for anyone not running under that scenario. Works for most, but there are legitimate cases where bypassing this check would be reasonable.

How about a config option that will tell it to ignore this file ownership check?

Something like:

```ruby
SymmetricEncryption.skip_ownership_check!
```
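An added sketch, not the gem's code and not written by anyone in this thread, of a key file check that covers the options discussed above: a configurable owner, an opt-in group match, and an explicit bypass. `check_key_file`, `KeyFileDecision` and the keyword names are hypothetical; the permission-bit rules are assumptions about what a conservative check would enforce.

```ruby
require 'tempfile'

# Hypothetical helper, not part of symmetric-encryption. It combines the
# options raised in this thread: a configurable owner, an opt-in group match,
# and an explicit bypass.
KeyFileDecision = Struct.new(:allowed, :reason)

def check_key_file(path, owner_uid: Process.euid, group_ok: false, skip: false)
  return KeyFileDecision.new(true, :skipped) if skip

  stat = File.stat(path)
  mode = stat.mode & 0o777
  deny = ->(why) { KeyFileDecision.new(false, why) }

  # A key that every local account can touch is rejected in all modes.
  return deny.(:world_accessible) unless (mode & 0o007).zero?
  # Group write would let any group member replace the key.
  return deny.(:group_writable) unless (mode & 0o020).zero?
  # Group bits are only tolerated when the operator opted into group matching.
  return deny.(:group_accessible) if (mode & 0o070) != 0 && !group_ok

  return KeyFileDecision.new(true, :owner) if stat.uid == owner_uid

  # Group match: the file's group must be one the current process belongs to.
  gids = ([Process.egid] + Process.groups).uniq
  if group_ok && (mode & 0o040) != 0 && gids.include?(stat.gid)
    return KeyFileDecision.new(true, :group)
  end

  deny.(:wrong_owner)
end

# Constructed demo: a temp file stands in for the key file.
if __FILE__ == $PROGRAM_NAME
  Tempfile.create('demo.key') do |f|
    File.chmod(0o600, f.path)
    p check_key_file(f.path).to_a
    File.chmod(0o644, f.path)
    p check_key_file(f.path).to_a
  end
end
```

Passing a different `owner_uid` simulates a file owned by another account without needing `chown`, which is what the `Errno::EPERM` above ran into for a non-root test run.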

Successfully merging this pull request may close these issues.

Ownership must be circumvented